Platform: php
Component: wegia
Fixed version: 3.6.7
CVE-2026-31896 describes a critical SQL injection vulnerability discovered in WeGIA, a web manager for charitable institutions. This flaw allows an attacker, potentially bypassing authentication, to inject malicious SQL code into database queries, leading to data breaches or denial-of-service conditions. The vulnerability affects versions of WeGIA up to and including 3.6.6, and a fix is available in version 3.6.6.
The SQL injection vulnerability in WeGIA's removerprodutoocultar.php script poses a significant risk. Attackers can leverage this flaw to execute arbitrary SQL commands against the WeGIA database. This could lead to the exfiltration of sensitive data, such as donor information, financial records, and user credentials. Furthermore, attackers can manipulate the database to disrupt WeGIA's functionality, causing a denial of service. The use of extract($_REQUEST) without proper sanitization directly contributes to the vulnerability: every request parameter becomes a PHP variable, and those variables are concatenated directly into SQL queries, so user-controlled input is interpreted as SQL. The provided proof-of-concept demonstrates a time-based delay attack, highlighting the potential for disruption.
CVE-2026-31896 was publicly disclosed on 2026-03-11. A proof-of-concept demonstrating the time-based SQL injection attack is publicly available, increasing the likelihood of exploitation. The vulnerability's critical severity (CVSS 9.8) and ease of exploitation make it a high-priority concern. It is not currently listed on CISA KEV, but its severity warrants monitoring. Active campaigns targeting charitable institutions are possible, given the sensitivity of the data typically managed by WeGIA.
Charitable institutions and organizations utilizing WeGIA to manage their operations are at significant risk. Specifically, those running older, unpatched versions of WeGIA (≤ 3.6.6) are particularly vulnerable. Shared hosting environments where multiple organizations share the same server infrastructure are also at increased risk, as a compromise of one WeGIA instance could potentially impact others.
• php: Examine web server access logs for requests to removerprodutoocultar.php containing suspicious SQL syntax in the request parameters.
  grep -iE 'SELECT|INSERT|UPDATE|DELETE|UNION|DROP' /var/log/apache2/access.log | grep remover_produto_ocultar.php
• php: Review the removerprodutoocultar.php script for the use of extract($_REQUEST) and direct concatenation of user-supplied variables into SQL queries.
• generic web: Monitor database server logs for unusual SQL queries originating from the WeGIA application server.
• database (mysql): Check for unauthorized database users or privilege escalations.
  SELECT User, Host FROM mysql.user WHERE Host != 'localhost';
disclosure
poc
Exploitation status
EPSS: 0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-31896 is to immediately upgrade WeGIA to version 3.6.6 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting access to the removerprodutoocultar.php script, implementing strict input validation on all user-supplied data, and utilizing a Web Application Firewall (WAF) with SQL injection protection rules. Carefully review and harden database user permissions to limit the potential impact of a successful injection. After upgrading, confirm the fix by attempting to inject a simple SQL query through the vulnerable script and verifying that it is properly sanitized and does not execute.
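To make the root cause and the "strict input validation" mitigation concrete, here is an added example (not WeGIA's own code) of the extract($_REQUEST) pattern described above beside a hardened rewrite that reads the parameter explicitly, validates it as an integer and binds it in a prepared statement. The table and column names (produto, id_produto, ocultar) and the connection details are assumptions, not taken from the WeGIA code base.

```php
<?php
// Added example, not WeGIA's code. Table/column names (produto, id_produto,
// ocultar) are assumptions standing in for whatever the real script uses.

// --- Vulnerable pattern described in the advisory ---
// extract($_REQUEST) turns every GET/POST/cookie parameter into a local
// variable, and the value is concatenated straight into the SQL string.
function hideProductVulnerable(mysqli $db): void
{
    extract($_REQUEST);               // $id_produto now comes straight from the client
    $sql = "UPDATE produto SET ocultar = 1 WHERE id_produto = " . $id_produto;
    $db->query($sql);                 // attacker-controlled text is parsed as SQL
}

// --- Hardened version ---
// 1. Read the parameter explicitly; never extract() request data into scope.
// 2. Validate that it is a positive integer before touching the database.
// 3. Bind it as a parameter so the database never parses it as SQL.
function hideProductHardened(PDO $db, array $request): bool
{
    $id = filter_var($request['id_produto'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return false;                  // reject missing, non-numeric or out-of-range input
    }
    $stmt = $db->prepare('UPDATE produto SET ocultar = 1 WHERE id_produto = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;    // true only if exactly one product was hidden
}

// Example wiring (constructed placeholders for host, database and credentials).
// Emulated prepares are disabled so binding is done by the MySQL server rather
// than by client-side string substitution.
$db = new PDO('mysql:host=localhost;dbname=wegia', 'app_user', 'change-me', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
hideProductHardened($db, $_REQUEST);
```

The hardened function also gives the access-log check above something clean to compare against: a request whose id_produto is anything other than a positive integer is rejected with HTTP 400 before any query is built.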
Update WeGIA to version 3.6.6 or later. This version contains the fix for the SQL injection vulnerability. Taking a backup before updating is recommended.
CVE-2026-31896 is a critical SQL injection vulnerability affecting WeGIA versions up to 3.6.6. It allows attackers to execute arbitrary SQL commands, potentially leading to data breaches or denial of service.
You are affected if you are using WeGIA version 3.6.6 or earlier. Immediately assess your environment and upgrade to the patched version.
Upgrade WeGIA to version 3.6.6 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting access and using a WAF.
While no confirmed active exploitation is publicly known, the vulnerability's critical severity and available proof-of-concept increase the likelihood of exploitation. Continuous monitoring is recommended.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-31896.